Hardware encryption vs software encryption: the simple guide

Encryption is an incredibly important tool for keeping your data safe. When your files are encrypted, they are completely unreadable without the correct encryption key – so if someone steals your encrypted files, they can’t actually do anything with them.

But there are actually two types of encryption – hardware and software – both of which offer different advantages. So what these two encryption methods. And why do they matter?

Software encryption

As the name implies, software encryption uses software tools to encrypt your data. Some examples of these tools include the BitLocker drive encryption feature of Microsoft Windows, or the 1Password password manager. Both use encryption tools to protect information on your PC, smartphone, or tablet.

Software encryption typically relies on a password; give the right password, and your files will be decrypted, otherwise they remain locked. With encryption enabled, it is passed through a special algorithm that scrambles your data as it is written to disk. The same software then unscrambles data as it is read from the disk for an authenticated user.

Pros

Software encryption is typically quite cheap to implement, making it very popular with developers. Software-based encryption routines do not typically require any additional software or hardware either – they just work.

Cons

Software encryption is only as secure as the rest of your computer or smartphone. If a hacker can crack your password, the encryption is immediately undone.

Software encryption tools also share the processing resources of your computer, which can cause the whole machine to slow down as data is encrypted/decrypted. You will also find that opening and closing encrypted files is much slower than normal because the process is relatively resource intensive, particularly for higher levels of encryption.

Hardware encryption

At the heart of hardware encryption is a separate processor dedicated to the task of authentication and encryption. Hardware encryption is increasingly common on mobile devices – the TouchID fingerprint scanner on Apple iPhones is a good example.

The technology still relies on a special key to encrypt and decrypt data, but this is randomly generated by the encryption processor. Often hardware encryption devices replace traditional passwords with biometric logons (like fingerprints), or a PIN number that is entered on an attached keypad.

Pros

Hardware encryption is considered to be safer than software encryption because the encryption process is kept separate from the rest of the machine. This makes it much harder to intercept or break.

The use of a dedicated processor also relieves the burden on the rest of your device, making the encryption/decryption process much faster.

Cons

Typically hardware-based encrypted storage is much more expensive than a software tool. BitLocker is included as free with all new versions of Microsoft Windows for instance, but an encrypted USB thumb drive is quite expensive – especially when compared to an unencrypted alternative.

The data recovery challenge

Encrypted data is extremely hard to recover. Even if the raw sectors are recovered from a failed drive, it is still encrypted – which means it is still unreadable. Some software encryption systems, like BitLocker, have built-in recovery mechanisms – but you need to have set up your recovery options in advance.

Hardware encrypted devices don’t typically have these additional recovery options. Many are designed to prevent decryption in the event of a component failure, stopping determined hackers from disassembling them.

The fastest and most effective way to deal with data loss on an encrypted device is to ensure you have a complete backup stored somewhere safe. For your PC, this may mean copying data to another encrypted device. For other devices, like your smartphone, backing up to the Cloud provides a quick and simple economy copy that you can restore from. As an added bonus, most Cloud services now encrypt their users’ data too.

What to do if you have a problem

I’m normally loathed to put in a ‘call us’ sign off to a blog post, but in the event that you don’t have a current backup, you will need to seek professional assistance. Our engineers can provide advice and guidance, but depending on the complexity of the encryption algorithm used, they may not be able to guarantee successful recovery. That said, what we would do is ask you to send in the entire laptop/computer as there may be hardware components not held within the hard drive itself but is critical to decrypting the data.

If you are having problems with an encrypted device, and would like to discuss your options, please get in touch.